On August 11, 2025, the Office for Civil Rights (OCR) published updated guidance relating to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (Privacy Rule) in the form of two new FAQs. The FAQs clarify the OCR’s position on (1) permitted disclosures of protected health information (PHI) to value-based care arrangements and (2)
protected health information (PHI)
Purl v HHS: Resetting the Reproductive Health Privacy Landscape
By Roma Patel on
Posted in HIPAA and Health Information
Reproductive health privacy is once again in the legal spotlight with a recent federal district court decision that struck down nearly all of a recent rule under the Health Insurance Portability and Accountability Act (HIPAA) that protected reproductive healthcare-related information privacy.
In a ruling issued on June 18, 2025, in Purl v. Department of Health…
Breaches Within Breaches: Contractual Obligations After a Security Incident
By Roma Patel on
Posted in Enforcement + Litigation
We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s April 2025 complaint against its managed services provider for its alleged failure to satisfy its…
Northeast Radiology Settles with OCR
By Linn Foster Freedman on
Posted in Health Information Privacy
The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000.
The investigation followed a breach report by Northeast Radiology to OCR in March 2020 after unauthorized individuals accessed radiology images stored in PAC servers. Northeast Radiology notified 298,532 patients of…